There are some government agencies that most would expect to have a fair grasp
of security, even for those systems that are not core to their operations.
That's what we thought with the Australian Tax Office's Publication Ordering
System, but sadly, we were proven wrong.

University student Dan Farrall discovered that his UK government's
communication headquarters (GCHQ) careers site has been sending back passwords
in complete plain text. For those of us outside of the UK, GCHQ is one of
Britain's intelligence agencies, dealing primarily with signals intelligence
and charged with "safeguarding Britain's electronic communications and digital
space".

It works with the nation's security services and secret intelligence services
MI5 and MI6, and is thought of as the counterpart to the US National Security
Agency or Australia's Defence Signals Directorate.

As Farrall pointed out on his blog, apart from the harm to its reputation, the
sort of information that would be held within these systems would be
significant.